Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams

摘要

A software system and service for facilitating organizational testing of employees in order to determine their potential susceptibility to phishing scams is disclosed to evaluate their susceptibility to e-mail and Internet cybercrimes such as phishing. The e-mail addresses of a client organization's employees are provided to the system, a phishing e-mail is created and customized, and a phishing e-mail campaign in which the phishing e-mail message is sent and the responses to the phishing e-mail is monitored, and the results of the e-mail campaign are provided for evaluation. The phishing e-mail may optionally contain attachments and various types of probes and “call home” mechanisms.

主权项

1. A system for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, the system comprising:
an appliance comprising at least one processor device that is accessible by the information technology administrator of a client organization to set up a phishing e-mail campaign, the appliance comprising:
a first module configured to facilitate entry of the e-mail addresses of a group of individuals into one or more address books;a second module configured to facilitate creation of a phishing e-mail that includes at least a link;a third module configured to facilitate creation of a web page accessible by a recipient of the phishing e-mail by clicking on the link included in the phishing e-mail;a fourth module configured to facilitate establishment of a campaign by selecting and correlating at least one address book and at least one phishing e mails e-mail to be sent;a fifth module configured to execute the campaign by sending the phishing e-mail(s) to the group of individuals in the address book(s);a sixth module configured to monitor responses to the phishing e-mail(s) by recipients of phishing e-mail(s) who respond by providing potentially confidential information, the sixth module further configured to instruct an employee's web browser to profile potentially confidential information provided by recipients of phishing e-mail(s) and to avoid collecting potentially confidential information provided by recipients of phishing e-mail(s); anda seventh module configured to provide analysis of responses to the phishing e-mail(s) for review by the information technology administrator.